Competitive Differentiation

products, processes, people, or business ideals which set a business apart from their industry

For example, Laura’s small business runs servers in the cloud, making Laura’s hosting costs flexible. Curt’s small business houses applications on physical servers at a local datacenter which are expensive to run and maintain. Curt’s business runs with higher upfront capital expenses and must charge more for the product. Laura can differentiate herself from the market by lowering her bottom line.

While cloud offerings are the same to Laura as they are to Curt, one takes advantage of the efficiencies. Cloud adopters have seen their infrastructures develop into auto-scaling, elastic systems which consistently match demands of the business.

FUD

Fear, Uncertainty and Doubt

For example, a lot of FUD exists in the DDoS mitigation market.

HTTP GET Flood

Layer 7 attack method which sends a high volume of requests to overwhelm resources

An HTTP GET Flood essentially mimics standard web traffic but amplifies to the point that resources cannot handle requests.

HOIC

Next generation of LOIC, randomized signatures mask sources of traffic, making it difficult for edge devices to differentiate attack traffic from legitimate visitors.

Hacktivism

Cyberattack movement motivated by political protest or social activism

Hacktivists often target governments, law enforcement agencies, political parties or religious groups with DDoS or other attacks.

DNSSEC

DNS Security Extensions

an extension of standard DNS, provides clients with origin authentication of DNS data and verification of the integrity of that data

Typically used to protect against spoofing, DNSSEC uses several nonstandard resource records including RRSIG, DNSKEY, DS, and NSEC. A standard record lookup answer contains an RRSIG record in addition to the type requested. The RRSIG is a digital signature, verified by finding the public DNSKEY record.

SDN

Software Defined Networking

administrative control interface of network equipment separate from the data plane

DevOps

A job role which includes both software programming (dev) and server/network administration (ops)

Two old IT silos, development and operations, have combined into one job description. DevOps individuals generally bridge the gap between these two silos and can translate software engineers’ requirements to the server and network teams.

Peak Load Capacity

the potential ability of an infrastructure to perform under the highest necessary demand

Peak load is the time of highest resource demand from an application. Traditionally, equipment needed to be requisitioned to handle peak load but those resources became underutilized during other timeframes throughout the day. With the cloud, admins do not need to engineer the environment for the highest load levels. Resources can be scaled up or down to match demand.

Hardware Abstraction

sets of routines in an operating system or applications which provide a platform to access underlying hardware resources

Early computing systems did not have a hardware abstraction layer (HAL) and software developers needed to know how to communicate with each hardware device. With HALs, software instructs the operating system what it needs from a device and the OS translates those instructions.

If you have ever run into driver issues on a Microsoft Windows Server during a P2V, sysprep, or when moving between virtualization platforms, a common problem is with the HAL-related DLLs. For example, a Standard PC may use hal.dll while an ACPI Multiprocessor PC utilizes halmacpi.dll. Device Manager does not allow for changing between these HALs and a new build of the OS is required.

CC

Compute Cycle

unit of measurement, typically in cloud environments, which represents an aggregation of processor, memory and disk IO metrics

This measurement varies from one provider to the next but many charge customers based on CC’s. A common benchmark is that 10,000 compute cycles per month is roughly equivalent to a modern processor. Rackspace defines as 10k CC = one 2.8GHz server processor capacity although disk IO may also figure into the final number.

Access Control

the ability to monitor, verify, and restrict connections between people, assets, or information.

Access control is the castle guard, asking for identification or a password, verifying you have access to certain areas of the internal environment. In the IT context, access control may include subnet control, VLAN segmentation, file security, and other controls in place which check an individual’s credentials and group membership.

Access Control relates to permitting or denying access, an interactive process, while perimeter control is intrusion prevention.

Perimeter Control

authority of network intrusion at the edge device. In the cloud context, normally a port and IP-blocking firewall

Perimeter control is the castle wall, a first line of defense against intruders. The term is normally referred to in the IT context as the firewalls and edge devices used to allow and block traffic into the DMZ or internal network but may be expanded to include physical security such as card readers, physical datacenter keys, security guards, etc.

Intercloud

Theory that each cloud is an extension of the internet and may be interconnected to other clouds to increase resource allocation and geographic topology

Intercloud is based on the grid concept that each single cloud does not have unlimited geographic footprint or infinite resources. If a cloud saturates its own infrastructure, it can still satisfy requests for service from clients. In that scenario, processing, storage, or other resources can be allocated from other clouds. The commodity is easily transferable and may eventually create a more open market between vendors.

The global internet makes it possible to pool resources from not just a variety of hosting providers but individual computing sources. Microsoft once explored the possibility of putting resources in residential homes. These servers would heat the home and be a part of a global grid of computing power.

ITaaS

IT as a Service – an all-encompassing service model describing an IT department utilizing cloud as a part of their service offering

IaaS, PaaS, SaaS, STaaS, SECaaS, DaaS, TEaaS, APIaaS

This IT methodology means IT departments are flexible and procedures are set to administer systems from anywhere. Distributed business units are supported by a distributed IT department.

TEaaS

Test Environment as a Service – a delivery model in which a software development platform is centrally hosted, an on-demand test environment

Products like Git make it possible to point to a variety of locations for source control, dev and testing. Spinning up an on-demand test environment is quick and easy with the advent of cloud computing.

DaaS

Data as a Service – data is presented from a centralized location to applications or users, regardless of their location or device

An example of DaaS is Xignite who provides financial market data on demand via their API. Another is Urban Mapping, a geography data service that allows real-estate companies to embed data in their own sites and apps.

DaaS

Desktop as a Service – a hosted personal computing environment separate from a physical location or machine

The end user is delivered the information system environment (email, file servers, internal apps) or the environment itself (a full desktop) to a remote client device. The client device may use an entirely different hardware architecture from that used by the projected desktop environment, and may also be based upon an entirely different operating system. A user may log in from a thin client locally, through a web portal over the internet, or from mobile devices.

aka: Virtual Desktop Infrastructure (VDI), client virtualization

DDoS Attack Forensics

metrics, traffic sources, and characteristics associated with a DDoS attack are provided in this report

Services like Incapsula provide information to customers about the origin of DDoS attacks, real IP addresses, and other details in a post-attack report.

9/30/2013

Exploit

a system or application vulnerability, used to gain unauthorized access

9/27/2013

Blackholing

practice to make the victim of an attack offline to both malicious and legitimate traffic

ISPs will blackhole a customer undergoing a DDoS attack to block all traffic to their IP address block. The goal is to take all traffic for the victim offline and ensure other customers remain online.

9/26/2013

DNS Reflection

DDoS attack targeting large DNS records where the response is larger than the request.

For example, if an attacker identifies a TXT record for test.example.com showing response a1q8u28ueu2u372u8fgnjdgujegrurgjuijir29j@example2.com, they will repeatedly make calls to resolve that name at the name server, attempting to overload and take down the host.

aka: amplification attack (see below)

9/25/2013

DNS Flood

DDoS attack focused on domain name servers

Many of the unmanaged name server and name registrars have been victims of DNS flood attacks in recent years. Among others, Network Solutions and GoDaddy have experienced extended outages due to DDoS targeting their name servers.

Dirt Jumper

itsoknoproblembro

a suite of hacking tools, mainly used to generate a sophisticated DDoS attack. itsoknoproblembro controls commercial servers and can generate higher bandwidth output from a small number of hosts.

In the fall of 2012, the US banking industry sustained an itsoknoproblembro DDoS attack that peaked at or above 70 Gbps.

9/20/2013

Botnet Takeover

occurs when a hacker subverts control of another hacker’s command and control server

9/19/2013

Botnet Takedown

security experts and law enforcement identify traffic to and from bots to discover the location of command and control server

9/18/2013

Botnet

A network of bots that can be commanded by a single control system.

Many distributed denial of service attacks are run using botnets. The attacker controls many individual machines to overwhelm a website, service, or infrastructure to make it unavailable to its intended users.

9/17/2013

Bot

A computer or server under control of a third party

9/16/2013

BGP

Border Gateway Protocol

at the edge of a network, core routing decisions to and from the internet are made at the BGP

When using a DDoS mitigation service, there are normally 2 options to implement. 1. DNS change to route name traffic through the DDoS mitigation provider 2. BGP implementation. Utilizing BGP enables IP traffic to be scrubbed and works as a reverse proxy for internet traffic.

9/13/2013

Autonomic Computing

self-managing characteristics of technology resources which automatically adjust to demand and change while hiding complexities of the underlying architecture from end users

9/12/2013

Utility Computing

computing resources packaged as a metered service

The “aaS” in IaaS, PaaS, and SaaS means the related resources are delivered as a service, in a utility computing fashion. Adoption of this delivery model has dramatically increased since 2010.

9/11/2013

Level 3 and 4 DDoS

network-level denial of service which floods network (3) and transport (4) layers

Network-level attacks rely on high volumes of data to consume resources, slow performance and eventually degrade legitimate access to a service.

9/10/2013

Application-level DDoS

overloads the web or app server by making excessive requests at the code level. Excessive login, database lookups, or web requests are considered app-level DDoS

Contrary to network-level attacks, an application DDoS follows the same connection process as legitimate users. The number of requests from the distributed sources causes resources to become overloaded.

DDoS mitigation services like Incapsula help filter bots at the application layer.

9/9/2013

Amplification Attack

An attacker makes requests that generate a larger response from the web server.

An example is HTTP GET requests for large web image files. Multiple DNS requests for large TXT records also qualify as an amplification attack.

9/6/2013

Xen

Xen Server, Citrix’s hypervisor and virtualization platform

Xen is used by AWS and Rackspace to virtualize their cloud offerings. Updates may be periodically available on running EC2 instances and Cloud Servers.

9/5/2013

Hyper-V

Microsoft’s hypervisor and virtualization platform for Windows Server

Hyper-V is Microsoft’s answer to VMware’s ESX systems. The newest version, released in Windows Server 2012, includes important new features including storage resource pools, .vhdx disk format, live migration without shared storage, and other improvements.

9/4/2013

ESX

VMware’s hypervisor that runs directly on the host server hardware to enable virtualization

All VMware-virtualized servers will run ESXi in the future which has a smaller footprint than legacy ESX systems. Advanced features of ESX are now available through purchases of vCenter licensing.

The common consensus is that ESX is derived from the name Elastic Sky X but this does not appear in any official VMware publications.

Grid Supercomputing

a distributed system running over a network from multiple locations

A grid member computer is typically connected by a network interface instead of the high-speed computer bus in typical supercomputers. A common application of grid computing is in CPU scavenging where unused resources of network participants, home computers, servers, etc, run instruction cycles while the user is away at night or at lunch.

aka virtual supercomputers

8/29/2013

Obfuscation Policy

a practice used to intentionally design systems to be difficult to understand. In the web development realm, code structure is harder to read for security purposes.

Program slicing or Deobfuscation techniques are employed to reverse engineer obfuscation. A tool called an obfuscator is used to convert code.

8/28/2013

SNI

Server Name Identification

during the SSL handshake, a hostname can be identified between a client and server, allowing multiple HTTPS websites to be served off the same IP address and port without requiring those sites use the same certificate

While SNI sounds great, it is not supported for Windows XP users with any version of Internet Explorer. They will be presented with a default certificate and likely would receive cert warnings when visiting a site. The latest market share numbers still show XP holding ~37% market share despite the looming end of support by Microsoft.

Availability

the degree to which a system is operable and serving a specific endpoint, typically shown in percentage form

Uptime and availability are not synonymous. An example is network outages or blips. A system may be 99.99% available from an Eastern US location but only 99.97% available from a Europe monitoring host due to network latency. The server hosting the given application may have 100% uptime and has never stopped serving its core function, despite the network interruptions.

8/26/2013

Uptime

the duration in which a system successfully provides its primary function

In 2005, Novell reported a server with 6-year uptime. This type of uptime is possible when patching is rarely performed, power supply is consistent, and a server hosts mostly internal services.

Uptime and availability are not synonymous. A network outage may cause a service to be partially unavailable to some users while the server itself maintains uptime.

8/23/2013

Replace vs Repair

one resource assumes the former role of another instead of patching or upgrading

Replace vs Repair is a concept made possible by virtual infrastructures and the cloud. An example is web infrastructure. Web server 1 hosts a website and the operating system needs to be patched. In front of the server is a load balancer. Web server 2 is deployed from web server 1’s image. OS updates are run on web server 2 and it is rebooted. Once site functionality is confirmed on server 2, it is added to the load balancer pool. Web server 1 is removed and deleted. The load balancer now sends all traffic to web server 2 and no disruption in site functionality is realized.

8/22/2013

Location Independence

computing attribute in which services and applications can be run from any geographic location

Similar to and often coupled with device independence, location independence means an end user can run services from work, home, coffee shops, cell phones or tablets.

8/21/2013

Device Independence

a computing attribute in which a software application is able to function on multiple devices regardless of operating system or hardware

Device Independence is a key strength of the SaaS delivery model. Users access the same software on their PC, phone, or tablet. Services configured on cloud infrastructure are often optimized to be device independent.

Related terms: Hardware Agnostic, Platform Agnostic

8/20/2013

Client-Server Model

computing model of providers (servers) and requesters (clients) which communicate over a network

This model has changed in recent years with the advent of cloud computing. During the golden years of IT, clients and servers were contained within local LANs where employees worked within the confines of the building walls. Now, cloud delivery models make services available from anywhere on multiple devices. Clients connect over the internet rather than on the local LAN.

8/19/2013

Middleware

services, apps, drivers or software which provide developers an interface to resources beyond those available from a base OS

The following functions may be performed by middleware:

hide distribution of processing, network, or storage

provide hardware agnostic functionality to the software layer

optimize resource efficiency

supply common commands and functions to the software layer to avoid additional coding

provide standardized interfaces for developers so applications can interoperate and be easily ported

8/16/2013

WAN

Wide Area Network

computer network that covers a broad area, typically referencing the public internet

8/15/2013

Layer 3 Device

Layer 3 is the network layer of the OSI model, where devices are responsible for packet forwarding and routing

Layer 3 is the most significant layer of the internet protocol although this layer is not limited to IP. It also applies to Novell IPX and DDR.

In the post office analogy, layer 3 devices route the mail. Computer 1 knows how to get to the post office, a router, but nothing more. The post office or router sends computer 1’s traffic where it needs to go.

IP Spoofing

process of generating traffic with a forged source IP address with the purpose of concealing the identity of the sender or impersonating another computing system

IP Spoofing is typically a malicious attempt to gain access to network resources by making traffic appear to come from an illegitimate IP. DDoS attacks use IP address spoofing to make it difficult to block or blacklist source IPs.

8/13/2013

Ingress Filtering

Ingress filtering restricts outside access into the network. An ingress rule may be that remote desktop is only allowed from a particular source address, ensuring traffic originates from a friendly location.

8/12/2013

Egress Filtering

Egress filtering will restrict internal users from getting off of the organizational network to transmit various types of network traffic. For example, Egress filtering may only allow http and https traffic from all employee desktop computers so no outbound FTP, RDP or various file transfer protocols can be used.

8/12-8/16 is firewall week!

8/9/2013

X-Nines

Refers to the percentage of availability of a computer system

For example, a 5-nines system indicates 99.999% availability, or approx. 5 1/2 minutes of downtime per year. A 5-nines system is generally considered highly available where every component is run in duplicate with a hot standby for automatic failover. For example, 2 database hosts may run as a part of a cluster to keep a single database running at all times. When one server goes offline or needs to be rebooted, the db “fails over” to the other.

M2M Protocols

Set of tools and methods to enable communication directly between devices. M2M Protocols make an open Internet of Things a reality by creating a fabric of interfaces between everyday objects.

8/7/2013

OCCI

Open Cloud Computing Interface – a common set of open, community-driven specifications for public cloud resource interactions

OCCI provides a protocol and common API components for IaaS based services. The current OCCI specification set consists of three documents, with future releases planned to include additional specifications.

SDK

Software Development Kit – a set of development tools which allow for the creation of software applications, built for a specific framework, hardware platform, computer system, operating system, or similar platform.

How is an SDK different from an API? An SDK is tooling for building something while an API is the interface. An analogy would be electrical wiring in your house. An API would be the power connections between an appliance and the wall while an SDK may be a kit to build a custom appliance, such as a build-it-yourself toaster or something similar.

Examples of SDKs include the iPhone app development SDK, Android SDK, or Xbox Development Kit.

8/5/2013

Access Control

the ability to monitor, verify, and restrict connections between people, assets, or information.

In the castle analogy, access control is the guard, asking for identification or a password, verifying you have access to certain areas of the internal environment. In the IT context, access control may include subnet control, VLAN segmentation, file security, and other controls in place which check an individual’s credentials and group membership.

Access Control relates to permitting or denying access, an interactive process, while perimeter control is intrusion prevention.

8/2/2013

Perimeter Control

authority of network intrusion at the edge device. In the cloud context, normally a port and IP-blocking firewall

Perimeter control is the castle walls, a first line of defense against intruders. The term is normally referred to in the IT context as the firewalls and edge devices used to allow and block traffic into the DMZ or internal network but may be expanded to include physical security such as card readers, physical datacenter keys, security guards, etc.

8/1/2013

Circular Dependency

relation between two or more entities which rely on each other to function properly

An example of a circular dependency is in public DNS. The root servers have the official names a.root-servers.net to m.root-servers.net. However, to look up the IP address of a root server from these names, a DNS resolver must first be able to look up a root server to find the address of an authoritative server for the .net DNS zone.

aka: mutually recursive relationship

7/31/2013

NTIA

National Telecommunications and Information Administration

agency of the US Department of Commerce responsible for domestic and foreign telecommunications policy

Top issues are related to broadband policy and radio spectrum frequency distribution. The NTIA attempts to ensure Americans have broadband access, even in under-equipped communities.

7/30/2013

DNS Root Zone

the top-level segment in a DNS namespace, most commonly referenced as the root zone of the largest global network, the internet

When you register a .com, .net, or .org, your domain name information is stored in the DNS root zone.

7/29/2013

Root Name Server

Resolves DNS for a domain root zone by returning a list of authoritative name servers for that domain

The Root Name Server runs for the top level domain. When a client needs to resolve a domain name to an IP address, the resolver splits the name into labels from right to left (example www.tritoneco.com). At the first label (.com), the root name server is queried to find which name server is responsible for the domain (tritoneco.com is at AWS Route 53. Others may point to Network Solutions, GoDaddy, Ultra DNS, or other providers). Then the name server returns more specific information for each label until the original request is fulfilled.

As of February 2013, there are 13 mainstream public root name servers in operation, maintained by organizations like Verisign, ICANN, and government entities.

7/26/2013

ICANN

Internet Corporation for Assigned Names and Numbers

oversees unique identifiers of the global internet to ensure stable and secure operation.

ccTLD

Country Code Top-Level Domain

category of top level domains reserved for a specific country, sovereign state, or territory

All ccTLDs are 2 letters long and all 2 letter TLDs are ccTLDs. Yes, .co is Colombia. These give opportunity for shortcodes and options for cute domains like Twitter’s t.co and bit.ly. Other examples: .us, .uk, .jp, .de

7/24/2013

gTLD

Generic Top-Level Domain

category of top-level domain maintained by the Internet Assigned Numbers Authority, the suffix at the end of a domain name

These are not language or country-specific. Examples: .com, .gov, .biz, .net, .org, .xxx

7/23/2013

MITM

Man in the Middle

a form of active eavesdropping on a network where the attacker makes connections between victims to relay messages between them and scrape information from that communication

An example of an attack is when an attacker eavesdrops on a public wifi network and allows unknowing clients to log in to websites. The attacker analyzes the traffic and obtains login user IDs, passwords, account numbers, etc.

7/22/2013

Obfuscation Technologies

devices which intentionally add complexity to make something difficult to understand or obtain

Just as developers will implement obfuscation to make their code harder to read and reverse-engineer, infrastructure admins may add a token to a login process to obtain resources like a file share or web authentication.

7/19/2013

Domain Name Registrar

an organization that reserves internet domain names for customers.

A domain name registrar must be accredited by a generic top-level domain registry or a country code top-level domain registry.

API

Application Programming Interface – set of routines, protocols, and tools for building software applications.

APIs are many times vendor-specific, providing the building blocks for a developer to put all the pieces together in a final product: desktop, web, mobile apps. Cloud provider APIs allow web developers to programmatically provision, scale and configure their infrastructure/platform.

7/17/2013

Name Servers

a host that provides responses to queries against a name directory service to map human-recognizable identifiers to a system addressing component

Domain information is maintained to point example.com to its IP addresses. MX records, which point user@example.com to the correct mail host, are hosted at the NS. CNAMEs and other records are also held at the name server.

DDoS

an attempt to make a service or network unavailable to its intended users, typically by saturating a server or network with so many external requests it cannot respond to legitimate traffic

Many hosting providers help mitigate DDoS attacks at their edge locations, before the traffic is exposed to a customer infrastructure. For example, customers can report DDoS traffic to the Amazon Web Services security team who can help block malicious traffic.

7/12/2013

PCV

Path Code Violation

networking event indicating that network frames are out of sync

Typically used in Cisco architectures, PCVs are typically seen when line coding is incorrect.

AKA: LCV (line code violation)

7/11/2013

OOSBP

Out of Schedule Backup Permitted

Backup jobs traditionally have run overnight or during off-peak hours. When a job fails or snapshots are not created, the backup may need to be manually rerun. When OOSBP is in effect, an admin may initialize this mid-day.

Deep Skillset

as it relates to IT talent, an individual who specializes in a specific area of technical expertise

Someone with a deep skillset may focus on a particular technology. For example, an engineer may have a deep Microsoft SQL skillset, years of experience, and can administer all aspects of the product but does not understand DNS routing, networking, etc.

aka: specialist, SME (subject matter expert), narrow skillset

7/8/2013

Wide Skillset

as it relates to IT talent and employment, an individual who understands and can support many different technologies

Their knowledge in any single area is general but can cover many different areas.

Multitenancy

a single instance of software or infrastructure serves multiple, diverse customers at the same time

Multitenant applications are much more efficient than the traditional client-server hosting model, where the server to customer ratio is 1:1. The other key attribute that makes cloud multitenant applications attractive is their scalability.

Undifferentiated Heavy Lifting

Undifferentiated heavy lifting is a term commonly used during the cloud pitch to describe the big, bulky, worrisome aspects of running local server and network infrastructure.

6/28/2013

APIaaS

Application Programming Interface as a Service

publicly-available code platform which allows developers to run a company’s procedures and subroutines from a hosted, centralized environment

6/27/2013

SaaS

Software as a Service

IT product delivery model where application and associated data are centrally hosted on the cloud. Typically subscription based, users do not manage the infrastructure or platform on which the application is running

Examples of SaaS include Microsoft Office 365, Google Apps, and Salesforce.com applications. Rather than selling a local copy and license of Microsoft Office for $100-350, a SaaS model provides the software online for $6-20 per month. All documents, email, spreadsheets, and other files are hosted by Microsoft and are accessed independently of device or location.

6/26/2013

PaaS

Platform as a Service

a service model of cloud computing which provides a software development solution stack as a service, offering the facilities to deploy applications from anywhere without buying underlying hardware and software

Examples of PaaS include Rackspace Cloud Sites, Amazon Elastic Beanstalk, Windows Azure Web Sites and Google App Engine. PaaS is the layer between the software and the infrastructure, providing developers with specialized APIs in their specific programming segment. For example, a .NET developer looking for a place to host a web application, someone who uses SQL for his database backend and IIS for web hosting, may look to Microsoft Azure.

6/25/2013

IaaS

Examples of IaaS include various Web Services and Rackspace offerings. IaaS is the building block on which PaaS and SaaS are built. It replaces traditional on-site servers and networking. The solutions are elastic, administered from anywhere, and on-demand, pay for what you use.

6/24/2013

MSP

Managed Service Provider

MSPs typically support various levels of an IT solution. Some will only support hardware and virtualization while the customer is responsible from a server OS up through code. Others can manage an entire stack from hardware all the way through public endpoint.

6/21/2013

CSP

Cloud Service Provider

Generally a company that provides IT infrastructure through shared or dedicated hosting facilities. CSP is a general term that can be applied to differing markets.

The top of the CSP market share list includes Amazon Web Services, Rackspace and Microsoft Windows Azure.

6/20/2013

ISV

Independent Software Vendor

Traditionally, ISVs sell a license to a customer who is then entitled to installation and use of various software functionality. Recently, ISVs are more commonly using SaaS cloud delivery to customers in which customers pay recurring subscription fees to utilize the software.

Examples of key players in the cloud ISV market are Citrix, Salesforce.com and Autodesk.

6/19/2013

SI

Systems Integrator

SIs implement various software or infrastructure projects for the customer. They often specialize in a specific technology or a single vertical/horizontal market. While the term is broad and may be applied to companies of all sizes, some of the largest infrastructure integrators include CapGemini, Cognizant, Booz Allen Hamilton, and WiPro Limited’s Technologies division.

6/18/2013

EDA

Event-Driven Architecture

framework that orchestrates and reacts to significant, identifiable occurrences within code, platform, or infrastructure

An EDA consists of event creators and consumers. Creators, usually some type of middleware event manager, are aware the event has occurred. Consumers receive notification of an event from a creator and react, process, or may be simply affected by the event.

Example, a consumer buys coffee from a distributor. The coffee inventory level lowers below a threshold. The distributor’s system treats this state change as an event which is published to various applications within the architecture. The website may remove the item from being displayed and an inventory system initiates the process to order more coffee.

6/17/2013

SOA

Service-Oriented Architecture

Underlying structure which is built to support communication between services, programs, or servers

SOA allows two computing entities to interact in such a way that one is able to perform a unit of work on behalf of the other. SOAP-based web services are the most common usage of SOA. Functionality can be siloed into separate servers or computing units. For example, a website may be composed of a static frontend site, hosted by a single server instance. When a visitor browses products, inventory services are called, which are hosted in a separate computing instance. Checkout of an order is handled by yet another server. The entire process is managed by communications between the web services, programs talking to other programs. These do not have to be separated by infrastructure but may run at the code level on a single host.

6/14/2013

REST-based API

REpresentational State Transfer Application Programming Interface – for the web, a stack of software architecture for distributed systems which follows basic guidelines:

Each resource has an ID. The web service has a base URI (http://website.com/webapp)

The media type is a common, supported hypertext standard (many times XML but can be others)

The API must be hypertext driven

A standard set of API operations is supported within HTTP methods (GET, PUT, DELETE)

REST is not a “standard” published by any group or organization. The purest meaning of REST is just the architectural style. This style can be applied to HTTP and the web.

Alternatives are SOAP, RPC, CORBA and WSDL. The main differentiators for REST are agility of design, ease of implementation, better cache support, reduced network traffic, and an overall lightweight approach.

6/13/2013

Opportunity Cost

an economic concept which considers costs related to not making a decision. Opportunity costs are not restricted to direct monetary gain. Lost time, morale, output, and other indirect factors should also be considered.

This is an important concept in IT decision making as there may be no direct cost associated with maintaining the status quo of an onsite datacenter, physical servers, software licensing, etc. Studies show that roughly 80% of IT effort and expenditure is used on processes that do not create value for the organization but go towards maintaining that status quo. If a portion of this 80% can be redirected to core business processes and applications, a move to the cloud is a benefit which may not be realized unless that optimal option is considered.

6/12/2013

TCO

Total Cost of Ownership – total direct and indirect costs of a product or system

Because pricing structures of on-premises infrastructure and IaaS differ so much, accounting analysis may be necessary to realize the bottom line differences. CapEx, IT OpEx, and business-level OpEx should be examined. The TCO model should also extend over the expected lifecycle of applications and hardware.

6/11/2013

Cloud-Oriented Architecture

A conceptual model which centers in a hosted environment and encompasses core elements of a system infrastructure

On-premises infrastructure can be extended to a hosted environment to streamline disaster recovery. Some systems must be exposed to customers or to employees working outside the internal network. These public-facing pieces of infrastructure often perform better and more reliably when centrally hosted.

From a macro viewpoint, global adoption of cloud-oriented architectures is an essential building block towards the internet of things, where anything (park benches, coffee makers, cars) can be identified, tagged, and interconnected.

aka COA

6/10/2013

Commoditization

The process by which goods and services that have distinguishable economic value in terms of uniqueness or brand become comparable commodities in the eyes of the market.

This may be a movement from a differentiated to an undifferentiated price or from monopolistic to healthy competition. In the IT context, computing power is in the process of being commoditized as it moves from specific vendors at local datacenters to cloud providers where services are interchangeable.

6/7/2013

Vendor Lock-In

an organization is unable to move between service providers because their data, processes or infrastructure are linked with one particular provider.

This has always been a problem in the technology realm and is nothing new for IaaS, PaaS, or SaaS. Most cloud providers are built on a standard set of products and processes which are portable. Scripts may be configured to work with a particular API. Industry professionals encourage Open Standards and several organizations have been formed to advocate a set of industry-wide principles. The costs of re-architecting load balancers and auto scale groups need to be considered as well.

6/6/2013

DRP

Disaster Recovery Plan

A documented process to recover key pieces of IT infrastructure. A DRP typically centers around technical procedures to recover important systems identified by the business.

6/5/2013

BCP

Business Continuity Plan

A documented process to identify exposures and recover core assets from interruption, such as a natural disaster. The BCP typically focuses on personnel and key management technologies.

6/4/2013

RCO

Recovery Consistency Objective

formula that factors the number of incorrect pieces of data in a disaster recovery. For example, corrupted database entries in an application.

RCO = 1 – (number of inconsistent entities) / (number of entities)

6/3/2013

RTA

Recovery Time Actual

Established during a business continuity or disaster recovery exercise, the time frame technology support takes to deliver infrastructure recovery

5/30/2013

RPO

Recovery Point Objective

The maximum tolerable period in which data might be lost from a technology service interruption.

Many banking applications are constantly being updated and must be able to restore in real time with few lost database transactions as a result of that recovery, meaning their RPO is very low. A highly available database cluster may be deployed. On the other side of the spectrum, a static web site is not updated often. The site database may be backed up nightly so if a restore must be done during the day, minimal changes were made during that day and data loss is limited.

5/29/2013

RTO

Recovery Time Objective

During disaster recovery and business continuity planning, RTO is the duration of time within which a core business process or service must be restored. For example, the amount of time required to restore a web application to alternate hosting in the event of failure.

5/28/2013

Wide Skillset

A set of technical abilities and experience that covers a wide variety of technologies but does not focus on one particular discipline

aka: generalist

5/24/2013

T-Shaped Skillset

A technical individual who holds a wide variety of knowledge and skills but specializes in a deep understanding of targeted, specific technologies

5/23/2013

SME

Subject Matter Expert

Commonly pronounced <smee>, a SME is an individual who specializes their skillset within one technology discipline. They carry wide and deep knowledge in the subject and usually have years of experience within a narrowly-defined area.

For example, a company may bring in a SQL SME to architect and plan database schemes.

Internal Cloud

An internal cloud is managed by an IT department within the organization’s walls.

5/21/2013

External Cloud

Private or public hosted IT services provided by a 3rd party outside the organization

Examples of External Cloud include Amazon Web Services, Rackspace Cloud and Microsoft Azure. Sometimes referred to as the public cloud, although these terms are not one-to-one exchangeable.

5/20/2013

Democratization

the process of making goods or services normally reserved for enterprises or a select few available to anyone

Enterprise-level infrastructure previously only available to those organizations who could afford it is now available to anyone with an internet connection. The investment of thousands of dollars to obtain the hardware, software, and maintenance necessary to run high performance applications is no longer required. Pre-cloud computing paradigms, total cost of ownership, staffing, and server room administration, that held back so many businesses have been disrupted.

5/17/2013

Big Data

generally used to describe data sets so large and complex they become awkward to work with using single instance database management tools

Utilitization

applying a financial model to a product or service which charges for metered usage

Whether termed the cloud or utility computing, a new economics model exists where computing infrastructure is moved to specialized providers who can use their scale to cost-effectively deliver this service. Compare this shift away from local data centers to that of the electricity model of the early 20th century. It was expensive for organizations to create their own electricity plant to power a factory. The same as those factories, cloud customers are now taking advantage of utilitized cloud offerings so they can focus on product innovation and the core business, rather than underlying storage, networking infrastructure, hardware failover, etc.

5/15/2013

OpEx

IaaS, SaaS, PaaS costs are considered operating expenses as they are paid on a recurring basis in flexible increments. Infrastructure stacks (hardware, virtualization, OS, database, associated licensing and support) are rolled into this monthly cost to the business.

5/14/2013

CapEx

Capital expenditures – When a business spends money to either buy fixed assets or add to the value of existing assets in the hope of realizing future value

For the cloud computing context, CapEx are the large investments in non-cloud infrastructure. Buying bulky (physically and on cash flows) servers, networking equipment, licensing, and software which needs to be configured, procured, and maintained by IT staff. Cloud computing provides an alternative to these clumsy CapEx purchases with on-demand, utilitized, virtual servers and equipment.

5/13/2013

Rationalized Access

More commonly known as role-based access, gives specific users and groups access only to the resources they need

For example, database admins may only have access to MySQL or a business unit is given rights to specific cloud storage buckets. Amazon Web Services has a well-developed Identity and Access Management System for accessing AWS resources. AWS IAM is capable of integrating with existing infrastructure like Microsoft Active Directory.

5/10/2013

Amalgamation

merging of business units, undertakings, or workflows into one. In cloud computing, the work of multiple organizations toward a standardized, portable set of development and infrastructure models.

The cloud community is considered an amalgamation as it centers around open source, open design, open development and an open community that is fully transparent, as in the open standards cloud and common APIs. A good example is the OpenStack participating companies.

5/9/2013

CDN

Content Delivery Network – A system consisting of multiple hosting locations that contain copies of data so clients can access the copy closest to them

The primary benefits of CDNs are redundancy and speed of access. Static content like photos and videos is commonly placed in CDNs. When a client browses out to that static content, it is retrieved from the data center closest to them, reducing time of access. Examples of CDNs are Amazon CloudFront and Rackspace Cloud Files, powered by Akamai.

5/8/2013

Vendor Lock-In

When an organization is unable to move between service providers because their data, processes or infrastructure are inextricably linked with one particular provider.

This has always been a problem in the technology realm and is nothing new for IaaS, PaaS, or SaaS. Most cloud providers are built on a standard set of products and processes which are portable. Scripts may be configured to work with a particular API. Industry professionals encourage Open Standards and several organizations have been formed to advocate a set of industry-wide principles. The costs of re-architecting load balancers and auto scale groups need to be considered. A majority of pricing models have been stable for a long time but situations like the Google App Engine price increase late last year could arise.

5/7/2013

Sunk Costs

retrospective, undepreciated costs that have already been incurred. A generally well-known business term; for the cloud, this means capital expenditures towards existing, internal IT hardware, software, and licensing

Classic economics states that sunk costs should not affect decision making. However, it is commonplace for stakeholders to deny their organization an opportunity to innovate because of a past, bad buying decision. While internal IT is considered CapEx, IaaS and cloud resources are OpEx, meaning two things: 1. a migration from internal to cloud may incur some sunk costs for past capital expenditures, and 2. sunk costs are limited in a cloud project, since the servers, network, and other infrastructure can be turned off at any time.

5/6/2013

Fungible

the properties of a good or commodity which make it freely exchangeable or replaceable for another of like properties

When the hardware that powers servers is indistinguishable and interchangeable, it becomes a fungible commodity. This interchangeable property means that applications and data are open and portable between providers. Servers can run on cloud infrastructure the way an appliance runs on electricity or a car runs on gasoline.

5/3/2013

CSP

Cloud Service Provider

CSPs may provide IaaS, PaaS, or SaaS products to a customer. In an audit like PCI, the CSP is responsible for maintaining compliance for technology levels under their control. Example, if a customer hosts their credit card-accepting web infrastructure on an IaaS system, the CSP is responsible for demonstrating PCI compliance for physical access, policy, virtualization, and other lower-level items. The customer would harden the server OS and code.

PCI-DSS

PCI DSS compliance must be met by web sites that receive credit card payments directly on the site. There are 4 levels which merchants fall into based on transaction volume over a 12-month period. While level 1 compliance may be as simple as answering a questionnaire, level 4 vendors normally are required to undergo an onsite review by a QSA (Qualified Security Assessor), show evidence of policies/procedures, and conduct quarterly security scans of various quadrants of their infrastructure.

4/30/2013

PHI

Protected Health Information

Typically referred to in the HIPAA context for health care, PHI refers to information created or received by a health care provider, health plan, public health authority, or employer; and which relates to the past, present, or future physical or mental health or condition of any individual.

4/29/2013

PII

Personally Identifiable Information

Examples of PII are HIPAA-protected health information, Gramm-Leach-Bliley (Financial Services Modernization Act of 1999) information, credit card information, birthdates, Social Security Numbers, and any personal data that when disclosed could result in the theft of the person’s identity.

NPE

More commonly known as “patent trolls,” NPEs have commonly squatted on patents as cloud technologies have been developed and adopted.

4/25/2013

Container-Based Virtualization

Does not virtualize hardware, but instead isolates each guest in its own repository of resources

Container-based virtualization is a viable option for cloud providers because they can easily provision cloud resources purchased by customers. Example, if a customer provisions a 1GB MySQL cloud database, a container can be created for that customer with the appropriate CPU, RAM, Disk, as well as IO and network capabilities. The virtualization kernel isolates each container and manages the underlying hardware’s resources accordingly.

IHV

Independent Hardware Vendor – direct seller of IT hardware

Many SMB and enterprise businesses partner with a trusted vendor or value added reseller for procurement of server, network, and computer equipment, although online equipment sellers are also considered IHVs.

4/23/2013

Mashup Web App

Mashups aggregate and stitch together third-party data into one interactive user interface. The web application spreads roots across the Web, utilizing data and functionality retrieved from data sources that lie outside its platform boundaries. Several APIs may be utilized.

VPC

Virtual Private Cloud – internal network within a public cloud in which resources are segmented for a single customer

Example, Amazon VPC allows customers to configure a VPN to connect internal infrastructure to servers, storage, and other services within Amazon Web Services. Employees at the local office can log into servers in a similar fashion to servers at the local datacenter.

4/19/2013

Internal Cloud

infrastructure which supports services within an organization’s IT scope

Internal cloud is used loosely around the industry and may mean any service offered to an organization’s employees by the IT staff. Virtualization and flexibility are commonly associated with the internal cloud but the term does not necessarily describe any single technology.

aka Private Cloud

4/18/2013

Hybrid Cloud

a networking and server environment including both local, private infrastructure and a direct connection to one or more public clouds

Companies may create a VPN connection from their local datacenter to a public cloud like Rackspace or Amazon Web Services. Servers can be spun up at the provider, joined to domain, or connected to locally. Direct access to storage and other services is also possible from the company office.

4/17/2013

HaaS

Hardware as a Service, physical equipment is provided in an environment over the internet by the provider

Companies requiring dedicated, physical hardware may use HaaS. Their servers and network equipment are housed at a hosting provider but the customer never touches or sees the physical machines. Clients with compliance requirements or those which require high resource utilization benefit from the segmentation of dedicated hardware or the direct access to resources. Rackspace is an industry leader in HaaS.

4/16/2013

Consumption-Based Pricing

business model in which customers are billed for the amount of service or product they consume

A cloud service provider may charge per gigabyte for storage rather than a static, X dollars per month with a storage limit. Another example: a consumer pays for the number of hours their servers are turned on rather than buying the server.

4/15/2013

CloudStorming

connecting multiple cloud providers within a single infrastructure

An example of cloudstorming: a company uses both Rackspace and AWS to host pieces of their infrastructure. VPN connections are set up to both using AWS VPC or Rackspace RackConnect®. A Microsoft Active Directory topology may segment a site for each environment.

4/12/2013

URI, Uniform Resource Identifier

a unique mechanism to identify pages, images, videos, or sound clips on the internet

The most common form of URI is a web URL. However, URIs can be more generally defined and can describe:

The specific server or computer that a resource is housed in

The specific filename of the piece of content

The path or mechanism used to access a resource

4/11/2013

Internet of Things

concept that all objects and people in daily life are uniquely identifiable and virtual representations of these unique IDs can be interconnected

A world filled with interconnected, sensor-laden devices theoretically builds a smarter planet (like the IBM commercials). An example application is with stoplights, bus schedules, and benches. If a bus stop bench reports 6 sitting people, stop lights may be altered to speed the bus on route. The cloud is seen as a step towards full-scale “Internet of Things.” The vast scalability means computing can grow and shrink to meet demand, including all of those uniquely identifiable objects.

4/10/2013

Cloud Broker

An entity which creates connections to multiple cloud service providers on disparate infrastructures, acting as a liaison on the customer’s behalf

Enterprises gain a unified cloud infrastructure without the risk of lock-in or loss of services in the event of a system failure. Examples of cloud brokers vary in size and application. The Defense Information Systems Agency has been designated as the US Department of Defense’s enterprise cloud provider. Business-level companies like Infosys and Rightscale offer unification solutions to enterprises and the SMB market.

4/9/2013

Cloud Gaming

Online game playing that allows streaming to a computer, play from any device, or transferable settings between consoles

Zynga allowed users to break into the cloud gaming industry with hits like Farmville and Words with Friends. These games were accessible from any computer and now, any device.

aka: gaming on demand

4/8/2013

Cloud Engineering

application of engineering methods to bring a systematic approach to the high-level concerns of standardization, jurisdiction, and commercialization of cloud computing systems

Cloud engineering is the high-level view which focuses on all disciplines; software, infrastructure and platform. As cloud computing has become commercially viable, oversight has been necessary to maintain a set of standards. These standards make it possible for these services to be interchangeable and comparable in the open market.

4/4/2013

Multi-Instance Architecture

separate instances (hardware, virtual, or software) are configured for different client organizations

Contrasted with multitenancy where a single instance runs on a server and serves multiple client organizations.

An example: a development firm creates a web application for its clients. In multi-instance architecture, each client has its own server on which the software is housed. Multitenancy is a single server and web app which serves multiple clients. Each client has their own login and customized software but all back end infrastructure is combined.

4/3/2013

Skeuomorphism

a design technique that imitates design elements which were functionally necessary in original products but have now become ornamental

An example of a skeuomorph is the leather binder in Apple’s iBooks or a rolodex icon signifying a contact list. The same can be seen in cloud infrastructure. Virtual network switches may be represented by a picture of a network card, save functionality is a 3.5″ floppy disk, and virtual machines are shown as a physical server box.

4/2/2013

Pedagogical

of, relating to teaching or education, ranging from human development to skills acquisition

How is this related to the cloud? Benchmarks in the technical side of IT departments are typically wrapped in a certification or continuing education process. While the cloud is new, many people are learning its core concepts through hands on trial and error. The industry lends itself to this type of learning since there is no large investment necessary. Pedagogically, the concepts are easy to study and teach. The hands on availability makes it easy to apply these theories in a practical, usable way.

4/1/2013

Scale Down

The process of provisioning smaller instances to match demand

For example, a customer normally runs their web application on 2 Medium Amazon EC2 instances behind a load balancer. If traffic to those apps dramatically decreases, those 2 Medium Amazon EC2 instances may resize down to small size.

Scale In

decreasing the number of resources to match demand

Example, a customer normally runs their web application on 4 Medium Amazon EC2 instances behind a load balancer. During the night, load decreases to minimal levels. The customer may scale in their infrastructure, changing from 4 to 2 instances.

aka: scale horizontally

3/28/2013

Scale Up

provisioning larger resources to match demand

For example, a customer normally runs their web application on 2 Medium Amazon EC2 instances behind a load balancer. If traffic to those apps dramatically increases, those 2 Medium Amazon EC2 instances may resize up to large size.

Elasticity

In the cloud computing context, the ability to deploy application resources nearly instantly and then quickly resize those resources as workload changes.

Companies like Rackspace and Amazon Web Services pitch elasticity as one of the core differentiators from traditional IT models. If an application reaches its peak demand at noon every weekday, 20 servers may be running behind the load balancer, responding to client web requests, while during the night, when demand drops, only 5 hosts remain up. In a single server scenario, the host may run at 8 CPUs during the day and scale down to 2 at night. The cloud customer only pays for the resources used.

3/25/2013

HPC Clusters

High Performance Computing clusters are engineered to provide high-performance network and computational capabilities, allowing applications to get the performance required for tightly coupled, node-to-node communication.

HPC Clusters allow scientists, engineers, and business analysts to solve complex problems. Typically, these applications must wait to access shared clusters, supercomputers, or acquire expensive hardware systems. Using cloud instances, customers can spin up low cost, elastic resources and pay for only what they use.

3/22/2013

Sustainability

The responsible management of resource use. The human capacity for care-taking of environmental, economic and social dimensions.

While cloud computing is assumed to be “green”, viable evidence demonstrating that the public cloud supports that thought is yet to be produced. Energy efficiency may be gained at scale when providers practice energy-aware scheduling. Certain geographic areas may be more efficient due to their capacity for natural cooling due to climate or access to renewable electricity.

A unique approach has been raised by Microsoft Research. The proposal is to place distributed servers in homes and offices, using the server as a primary heat source.

3/21/2013

Software-Defined Networking

control plane of network equipment is separate from the data plane, access to administrative interfaces is available to applications or other external engines where they were previously proprietary or inaccessible

The definition of SDN has varied over time. The current emerging sentiment focuses on the programmatic access to network equipment. Cloud providers like AWS and Rackspace provide customers APIs to load balancers, firewalls, and routing protocols.

3/20/2013

DevOps

A job role or title which includes both software programming (dev) and server/network administration (ops)

The cloud is demanding skillsets be diverse and two old IT silos, development and operations, have combined into one job description. DevOps individuals generally bridge the gap between these two silos and can translate software engineers’ requirements to the server and network teams.

3/19/2013

Peak Load Capacity

In the cloud context, the potential ability of an infrastructure to perform, yield, or withstand peak demand

Peak load is the time of highest resource demand from an application. Traditionally, equipment needed to be requisitioned to handle peak load but those resources became underutilized during other timeframes throughout the day. With the cloud, admins do not need to engineer the environment for the highest load levels. Resources can be scaled up or down to match demand.

3/18/2013

Hardware Abstraction

sets of routines in an operating system or applications which provide a platform to access underlying hardware resources

Early computing systems did not have a hardware abstraction layer (HAL) and software developers needed to know how to communicate with each hardware device. With HALs, software instructs the operating system what it needs from a device and the OS translates those instructions.

If you have ever run into driver issues on a Microsoft Windows Server during a P2V, sysprep, or when moving between virtualization platforms, a common problem is with the HAL-related DLLs. For example, a Standard PC may use hal.dll while an ACPI Multiprocessor PC utilizes halmacpi.dll. Device Manager does not allow for changing between these HALs and a new build of the OS is required.

3/15/2013

Competitive Differentiation

products, processes, people, business ideals which set a business apart from the market

Competitive differentiation applies to the cloud when a company’s technology strategy gives them an advantage over competitors. Cloud adoption flattens the playing field.

For example, Laura’s Insurance Company runs virtual servers, making Laura’s datacenter run more efficiently at less cost. Curt’s Insurance Company runs all physical servers which are expensive to run and maintain. Curt’s business runs with higher expenses and must charge more for the product. When both companies adopt the cloud as a part of the IT infrastructure, operating expenses can be leveled and competitive differentiation is equalized.

While cloud offerings are the same to Laura as they are Curt, efficiencies are present and can be realized. Having a mature cloud strategy gives IT staff the comfort level and experience to take advantage of these efficiencies. Early adopters have seen their infrastructures develop into auto-scaling, elastic systems which consistently track to the demand of the business.

3/14/2013

Compute Cycle

a unit of measurement in cloud environments which represents an aggregation of resource usage. PaaS applications commonly bill based on compute cycles, which are calculated using processor as the core metric.

This measurement varies from one provider to the next. A common benchmark is that 10,000 compute cycles is roughly equivalent to a modern processor. Rackspace defines 10k CC as the capacity of one 2.8GHz server processor, although disk IO may also figure into the final number. Memory and bandwidth generally function independently of Compute Cycles.

3/13/2013

Access Control

the ability to monitor, verify, and restrict connections between people, assets, or information.

In the castle analogy, access control is the guard, asking for identification or a password, verifying you have access to certain areas of the internal environment. In the IT context, access control may include subnet control, VLAN segmentation, file security, and other controls in place which check an individual’s credentials and group membership.

Access Control relates to permitting or denying access, an interactive process, while perimeter control is intrusion prevention.

3/12/2013

Perimeter Control

authority of network intrusion at the edge device. In the cloud context, normally a port and IP-blocking firewall

Perimeter control is the castle walls, a first line of defense against intruders. The term is normally referred to in the IT context as the firewalls and edge devices used to allow and block traffic into the DMZ or internal network but may be expanded to include physical security such as card readers, physical datacenter keys, security guards, etc.

3/11/2013

Paravirtualization

Paravirtualization is a virtualization method which allows multiple operating systems and components to run on shared hardware.

Paravirtual techniques operate with a closer relationship to the underlying hardware, which is where they differ from full virtualization, where all components (machine CPU, memory, disk, BIOS, network card) in a VM are emulated. Performance is improved when some critical tasks are executed within host hardware as opposed to being fully run in the virtual domain.

Paravirtual components will often be offered to virtual machines. These components will allow tasks to be run within the underlying hardware than other adapters. The virtual machine operating system must support this virtual hardware through its driver sets.

3/8/2013

Virtualization

Virtualization is a technique which allows multiple operating systems, storage, network, or other component platforms to run within shared hardware at the same time.

Multiple virtual machines (VMs) may run on a single server. The VM operating system and end users see separate servers running segmented roles. From the hardware’s perspective, the VMs are merely sets of files which share resources like CPU and memory.

3/7/2013

Intercloud

Theory that each cloud is an extension of the internet and may be interconnected to other clouds to increase resource allocation and geographic topology

Intercloud is based on the grid concept that each single cloud does not have unlimited geographic footprint or infinite resources. If a cloud saturates its own infrastructure, it can still satisfy requests for service from clients. In that scenario, processing, storage, or other resources can be allocated from other clouds. The commodity is easily transferable and may eventually create a more open market between vendors.

3/6/2013

ITaaS

IT as a Service – an all-encompassing service model describing an IT department utilizing cloud as a part of their service offering

IaaS, PaaS, SaaS, STaaS, SECaaS, DaaS, TEaaS, APIaaS

This IT methodology means IT departments are flexible and procedures are set to administer systems from anywhere. Distributed business units are supported by a distributed IT department.

3/5/2013

TEaaS

Test Environment as a Service – a delivery model in which a software development platform is centrally hosted, an on-demand test environment

Developers can code utilizing TEaaS’s hardware, network, and operating system. These development solutions are then presented to end users to confirm functionality before merging to production. When software solutions are presented to end users, these are sometimes referred to as pre-release versions or beta.

3/4/2013

DaaS

Data as a Service – data is presented from a centralized location to applications or users, regardless of their location or device

An example of DaaS is Xignite, which provides financial market data on demand via its API. Another is Urban Mapping, a geography data service that allows real-estate companies to embed data in their own sites and apps.

3/1/2013

DaaS

Desktop as a Service – a hosted personal computing environment separate from a physical location or machine

The end user is delivered the information system environment (email, file servers, internal apps) or the environment itself (a full desktop) to a remote client device. The client device may use an entirely different hardware architecture from that used by the projected desktop environment, and may also be based upon an entirely different operating system. A user may log in from a thin client locally, through a web portal over the internet, or from mobile devices.

aka: Virtual Desktop Infrastructure (VDI), client virtualization

2/28/2013

Autonomic Computing

self-managing characteristics of computing resources, those which automatically adjust to demand and change while hiding intrinsic complexities of underlying architecture from operators and users

2/27/2013

Utility Computing

The “aaS” in IaaS, PaaS, and SaaS means the related resources are delivered as a service, in a utility computing fashion. Adoption of this delivery model has dramatically increased between 2010 and 2012.

IDC estimates that 24% of new business software purchases will be delivered as a service by the year 2015.

Grid Computing

a distributed system running from multiple locations or domains. Grid computing typically handles large, non-interactive workloads which involve large databases, high volumes of files, or CPU-intensive processes

A grid member computer is typically connected by a network interface instead of the high-speed computer bus in typical supercomputers. A common application of grid computing is CPU scavenging, where unused resources of network participants (home computers, servers, etc.) run instruction cycles while the user is away at night or at lunch.

Folding@Home is a Stanford University project used to understand proteins, protein misfolds, and associated diseases. The project allows users to download and run client software to increase simulation speed by providing unused computing power from their local machine.

aka virtual supercomputers

2/25/2013

Obfuscation

a practice used to intentionally make something more difficult to understand. In the web development realm, code structure is made harder to read for security purposes.

Program slicing or Deobfuscation techniques are employed to reverse engineer obfuscation. A tool called an obfuscator is used to convert code.

2/22/2013

Replace vs Repair

one resource assumes the former role of another instead of patching or upgrading

Replace vs Repair is a concept made possible by the elastic resources of virtual infrastructures and the cloud. An example is web infrastructure. Web server 1 hosts a website. In front of the server is a load balancer. OS updates must be done. Web server 2 is deployed from web server 1’s image. OS updates are run on web server 2 and it is rebooted. Once site functionality is confirmed on server 2, it is added to the load balancer pool. Web server 1 is removed and deleted. The load balancer now sends all traffic to web server 2 and no disruption in site functionality is realized.

2/21/2013

Location Independence

computing service delivery attribute in which services and applications can be run from any location

Similar to and often coupled with device independence, location independence means an end user can run services from work, home, coffee shops, cell phones or tablets.

2/20/2013

Device Independence

a computing service delivery attribute in which a software application is able to function on multiple devices regardless of the local hardware or operating system

Device Independence is a key strength of the SaaS delivery model. Users access the same software on their PC, phone, or tablet. Services configured on cloud infrastructure are often optimized to be device independent.

Related terms: Hardware Agnostic, Platform Agnostic

2/18/2013

Client-Server Model

computing model of providers (servers) and requesters (clients) which often communicate over a network

This model has changed in recent years with the advent of cloud computing. During the golden years of IT, clients and servers were contained within local LANs where employees worked within the confines of the building walls. Now, cloud delivery models make services available from anywhere on multiple devices. Clients connect over the internet rather than on the local LAN.

2/15/2013

Middleware

services/apps which provide an interface to developers beyond those available from a base operating system

The following functions may be performed by middleware:

hide distribution of processing, network, or storage

provide hardware agnostic functionality to the software layer

optimize resource efficiency

supply common commands and functions to the software layer to avoid additional coding

provide standardized interfaces for developers so applications can interoperate and be easily ported

The term can be applied rather generally. In the cloud computing context, middleware may give developers and system integrators better insight into and administration of their underlying infrastructure.

2/14/2013

OCCI

Open Cloud Computing Interface – a common set of open, community-driven specifications for public cloud resource interactions

OCCI provides a protocol and common API components for IaaS based services. The current OCCI specification set consists of three documents, with future releases planned to include additional specifications.

SDK

Software Development Kit – a set of development tools which allow for the creation of software applications, built for a specific framework, hardware platform, computer system, operating system, or similar platform.

How is an SDK different from an API? An SDK is tooling for building something while an API is the interface. An analogy would be electrical wiring in your house. An API would be the power connections between an appliance and the wall while an SDK may be a kit to build a custom appliance, such as a build-it-yourself toaster or something similar.

Examples of SDKs include the iPhone app development SDK, Android SDK, or Xbox Development Kit.

2/12/2013

REST-based API

REpresentational State Transfer Application Programming Interface – for the web, a stack of software architecture for distributed systems which follows basic guidelines:

Each resource has an ID. The web service has a base URI (http://website.com/webapp)

The media type is a common, supported hypertext standard (many times XML but can be others)

The API must be hypertext driven

A standard set of API operations is supported within HTTP methods (GET, PUT, DELETE)

REST is not a “standard” published by any group or organization. The purest meaning of REST is just the architectural style. This style can be applied to HTTP and the web.

Alternatives are SOAP, RPC, CORBA and WSDL. The main differentiators for REST are agility of design, ease of implementation, better cache support, reduced network traffic, and an overall lightweight approach.

2/11/2013

API

Application Programming Interface – set of routines, protocols, and tools for building software applications.

APIs are many times vendor-specific, providing the building blocks for a developer to put all the pieces together in a final product: desktop, web, mobile apps. Cloud provider APIs allow web developers to programmatically provision, scale and configure their infrastructure/platform.

Multitenancy

a single instance of software or infrastructure serves multiple, diverse customers at the same time

Multitenant applications are much more efficient than the traditional client-server hosting model, where the server to customer ratio is 1:1. The other key attribute that makes cloud multitenant applications attractive is their scalability. Examples of multitenant applications include Facebook, Google Apps like Gmail on the consumer side and Salesforce or LinkedIn in the business realm.

2/6/2013

APIaaS

API as a Service – publicly-available service platform which enables procedures and subroutines to be run from a hosted, centralized environment

When a company wants to provide developers with a programming interface to their software, they may provide APIaaS. The differentiator for APIaaS from API is the platform is centrally hosted, provided publicly where procedures and subroutines can be executed remotely. Programmers do not need to download the API and run procedures on their local platform. APIaaS may be rolled into a PaaS or SaaS solution, providing developers with test, dev, and production environments.

SaaS

Software as a Service – a software delivery model where application and associated data are centrally hosted on the cloud. Users do not manage the infrastructure or platform on which the application is running

Examples of SaaS include Microsoft Office 365, Google Apps, and Salesforce.com applications. Rather than selling a local copy and license of Microsoft Office for $100-350, a SaaS model provides the software online for $6-20 per month. All documents, email, spreadsheets, and other files are hosted by Microsoft and are accessed independently of device or location.

2/4/2013

PaaS

Platform as a Service – a service model of cloud computing which provides a software development solution stack as a service, offering the facilities to deploy applications from anywhere without buying underlying hardware and software

Examples of PaaS include Rackspace Cloud Sites, Amazon Elastic Beanstalk, Windows Azure, Google App Engine, AppHarbor, and CloudBees. PaaS is the layer between the software and the infrastructure, providing developers with specialized APIs in their specific programming segment. For example, a .NET developer looking for a place to host a web application, someone who uses SQL for his database backend and IIS for web hosting, may look to Microsoft Azure.

2/1/2013

IaaS

Infrastructure as a Service – a service model of cloud computing which centrally hosts virtual machines, servers, storage, load balancers, network

Examples of IaaS include Amazon Web Services and Rackspace offerings. IaaS is the building block on which PaaS and SaaS are built. It replaces traditional on-site servers and networking. The solutions are elastic, administered from anywhere, and on-demand, pay for what you use.

1/31/2013

Event-Driven Architecture (EDA)

framework that orchestrates and reacts to significant, identifiable occurrences within code, platform, or infrastructure

An EDA consists of event creators and consumers. A creator, usually some type of middleware event manager, is aware the event has occurred. Consumers receive notification of an event from a creator and react, process, or may be simply affected by the event.

For example, a consumer buys coffee from a distributor. The coffee inventory level drops below a threshold. The distributor’s system treats this state change as an event which is published to various applications within the architecture. The website may remove the item from being displayed and an inventory system initiates the process to order more coffee.

1/30/2013

Service-Oriented Architecture (SOA)

Underlying structure which is built to support communication between services, programs, or servers

SOA allows two computing entities to interact in such a way that one is able to perform a unit of work on behalf of the other. SOAP-based web services are the most common usage of SOA. Functionality can be siloed into separate servers or computing units. For example, a website may be composed of a static frontend site, hosted by a single server instance. When a visitor browses products, inventory services are called, which are hosted in a separate computing instance. Checkout of an order is handled by yet another server. The entire process is managed by communications between the web services, programs talking to other programs. These do not have to be separated by infrastructure but may run at the code level on a single host.

1/29/2013

Opportunity Cost

an economic concept which considers costs related to not making a decision. Opportunity costs are not restricted to direct monetary gain. Lost time, morale, output, and other indirect factors should also be considered.

This is an important concept in IT decision making as there may be no direct cost associated with maintaining the status quo of an onsite datacenter, physical servers, software licensing, etc. Studies show that roughly 80% of IT effort and expenditure is used on processes that do not create value for the organization but go towards maintaining that status quo. If a portion of this 80% can be redirected to core business processes and applications, a move to the cloud is a benefit which may not be realized unless that optimal option is considered.

1/28/2013

OSSM

Servers are on-demand, meaning images and instances are configured to best practices for their specific role and are ready to be deployed nearly instantaneously. Customers have self-service control of their resources. Computing capacity grows/multiplies and contracts/shrinks to closely match demand, meaning servers are scalable. Measurable, real-time metering and reporting lets customers know exactly what is being utilized.

TCO

Total Cost of Ownership – total direct and indirect costs of a product or system

Because pricing structures of on-premises infrastructure and IaaS differ so much, accounting analysis may be necessary to realize the bottom line differences. CapEx, IT OpEx, and business-level OpEx should be examined. The TCO model should also extend over the expected lifecycle of applications and hardware.

1/24/2013

Cloud-Oriented Architecture

A conceptual model which centers in a hosted environment and encompasses core elements of a system infrastructure

On-premises infrastructure can be extended to a hosted environment to streamline disaster recovery. Some systems must be exposed to customers or to employees working outside the internal network. These public-facing pieces of infrastructure often perform better and more reliably when centrally hosted.

From a macro viewpoint, global adoption of cloud-oriented architectures is an essential building block towards the internet of things, where anything (park benches, coffee makers, cars) can be identified, tagged, and interconnected.

aka COA

1/23/2013

Commoditization

The process by which goods and services that have distinguishable economic value in terms of uniqueness or brand become comparable commodities in the eyes of the market.

This may be a movement from a differentiated to an undifferentiated price or from monopolistic to healthy competition. In the IT context, computing power is in the process of being commoditized as it moves from specific vendors at local datacenters to cloud providers where services are interchangeable.

1/22/2013

“Not Built Here” mentality

Internal IT’s belief that technology solutions should always be built in house and that any solution obtained from a third-party provider is sub-optimal when compared to something built and deployed within the organization.

Managers and technical employees carry a certain “stay off my lawn, outsiders” sentiment to their work. While it is nice to have complete control of power, network, and other components of a data center, it is also advantageous to be able to escalate issues to outside providers when issues arise.

External Cloud

Democratization

In the cloud computing context, any individual or business can access storage, computing power, bandwidth, and databases traditionally only available to government and enterprises

Enterprise-level infrastructure previously only available to those organizations who could afford it is now available to anyone with an internet connection. The investment of thousands of dollars to obtain the hardware, software, and maintenance necessary to run high performance applications is no longer required. Pre-cloud computing paradigms, total cost of ownership, staffing, and server room administration, that held back so many businesses have been disrupted.

1/16/2013

Big Data

generally used to describe data sets so large and complex they become awkward to work with using single instance database management tools

Utilitization

act of applying a financial model in which a product or service charges for metered usage

Whether termed the cloud or utility computing, a new economics model exists where computing infrastructure is moved to specialized providers who can use their scale to cost-effectively deliver this service. Compare this shift away from local data centers to that of the electricity model of the early 20th century. It was expensive for organizations to create their own electricity plant to power a factory. Like those factories, cloud customers are now taking advantage of utilitized cloud offerings so they can focus on product innovation and the core business, rather than underlying storage, networking infrastructure, hardware failover, etc.

1/14/2013

OpEx

IaaS, SaaS, PaaS costs are considered operating expenses as they are paid on a recurring basis in flexible increments. Infrastructure stacks (hardware, virtualization, OS, database, associated licensing and support) are rolled into this monthly cost to the business.

1/11/2013

CapEx

Capital expenditures – When a business spends money to either buy fixed assets or add to the value of existing assets in the hope of realizing future value

In the cloud computing context, CapEx are the large investments in non-cloud infrastructure: buying bulky (physically and on cash flows) servers, networking equipment, licensing, and software which need to be configured, procured, and maintained by IT staff. Cloud computing provides an alternative to these clumsy CapEx purchases with on-demand, utilitized, virtual servers and equipment.

1/10/2013

Rationalized Access

More commonly known as role-based access, gives specific users and groups access only to the resources they need

For example, database admins may only have access to MySQL or a business unit is given rights to specific cloud storage buckets. Amazon Web Services has a well-developed Identity and Access Management System for accessing AWS resources. AWS IAM is capable of integrating with existing infrastructure like Microsoft Active Directory.

1/9/2013

Amalgamation

merging of business units, undertakings, or workflows into one. In cloud computing, the work of multiple organizations toward a standardized, portable set of development and infrastructure models.

The cloud community is considered an amalgamation as it centers around open source, open design, open development and an open community that is fully transparent, as in the open standards cloud and common APIs. A good example is the OpenStack participating companies.

1/8/2013

CDN

Content Delivery Network – A system consisting of multiple hosting locations that contain copies of data so clients can access the copy closest to them

The primary benefits of CDNs are redundancy and speed of access. Static content like photos and videos are commonly placed in CDNs. When a client browses out to that static content, it is retrieved from the data center closest to them, reducing time of access. Examples of CDNs are Amazon CloudFront and Rackspace Cloud Files, powered by Akamai.

1/7/2013

Vendor Lock-In

When an organization is unable to move between service providers because their data, processes or infrastructure are inextricably linked with one particular provider.

This has always been a problem in the technology realm and is nothing new for IaaS, PaaS, or SaaS. Most cloud providers are built on a standard set of products and processes which are portable. Scripts may be configured to work with a particular API. Industry professionals encourage Open Standards and several organizations have been formed to advocate a set of industry-wide principles. The costs of re-architecting load balancers and auto scale groups need to be considered. A majority of pricing models have been stable for a long time but situations like the Google App Engine price increase late last year could arise.

1/4/2013

Sunk Costs

retrospective, undepreciated costs that have already been incurred. A generally well known business term; for the cloud, this means capital expenditures towards existing, internal IT hardware, software, and licensing

Classic economics states that sunk costs should not affect decision making. However, it is commonplace for stakeholders to deny their organization an opportunity to innovate because of a past, bad buying decision. While internal IT is considered CapEx, IaaS and cloud resources are OpEx, meaning two things: 1. a migration from internal to cloud may incur some sunk costs for past capital expenditures and 2. sunk costs are limited in a cloud project, since the servers, network, and other infrastructure can be turned off at any time.

1/3/2013

Fungible

the properties of a good or commodity which make it freely exchangeable or replaceable for another of like properties

When the hardware that powers servers is indistinguishable and interchangeable, it becomes a fungible commodity. This interchangeable property means that applications and data are open and portable between providers. Servers can run on cloud infrastructure the way an appliance runs on electricity or a car runs on gasoline.

1/2/2013

Vertical Cloud

A cloud computing environment which is optimized for a particular industry like health care or banking

Many PaaS providers or SaaS developers target a particular industry. For example, a platform provider needs to maintain HIPAA compliance if their offerings are targeted towards health care, or PCI for financial services clients.